[cfe-dev] RFC: static analysis, malloc annotation for return via pointer argument
Nuno Lopes
nunoplopes at sapo.pt
Wed Dec 19 14:57:23 PST 2012
Hi,
Just FYI, gcc has an attribute (alloc_size) that allows one to specify that
a function returns a buffer of a size that is the multiplication of a given
list of parameters. e.g.:
void* my_calloc(size_t, size_t) __attribute__((alloc_size(1,2)));
We already have Sema support for this attribute.
However, this attribute is not expressive enough for other functions (e.g.,
strdup), so I've proposed a new attribute back in June:
http://lists.cs.uiuc.edu/pipermail/cfe-dev/2012-June/022272.html
There wasn't much feedback at the time, and therefore I didn't implement
it. But I think such an attribute would be helpful for several things,
including the clang static analyzer, and the run-time instrumentation
features we have.
Nuno
----- Original Message -----
> Hi Scott,
>
> I've thought about this patch some more, and I have some questions. What
> are the intended semantics of this attribute? With the other attributes
> it's clearer. If a function is annotated as returning an owned pointer,
> it's clear that if it is non-NULL then it is an owned pointer. But what's
> the case here? Can a function decide not to return a value at all (e.g.,
> on failure)? How would that be captured by the attribute?
>
> Thanks,
> Ted
>
> On Dec 17, 2012, at 1:55 PM, Scott Parlane <scott at scottnz.com> wrote:
>
>> Hi All,
>>
>> This patch allows for APIs where memory is allocated and placed in a
>> pointer given to them. (like asprintf, but without the realloc feature)
>>
>> Currently, when using a pointer to a stack variable as the input to the
>> function, it declares the memory leak on the next source line after the
>> stack variable is used. I think it should be declaring the leak on the
>> last line of the current scope. Which is correct?
>>
>> Regards,
>> Scott
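An added example, not code from the thread or from the patch under discussion: the two API shapes being compared, a return-value allocator carrying alloc_size(1,2) and an allocator that hands back memory through a pointer argument. The name dup_into and its failure contract (return -1, store NULL) are assumptions made here to give one concrete answer to the failure case Ted asks about.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Return-value allocator: alloc_size(1,2) states that the result points
   to n * size bytes. */
void *my_calloc(size_t n, size_t size) __attribute__((alloc_size(1, 2)));
void *my_calloc(size_t n, size_t size) { return calloc(n, size); }

/* Hypothetical out-parameter allocator. Contract assumed for this example:
   returns 0 and stores an owned buffer in *out on success; returns -1 and
   stores NULL in *out on failure, so the caller never sees a stale value. */
int dup_into(char **out, const char *src)
{
    *out = NULL;
    if (src == NULL)
        return -1;
    size_t len = strlen(src) + 1;
    char *buf = my_calloc(len, 1);
    if (buf == NULL)
        return -1;
    memcpy(buf, src, len);
    *out = buf;
    return 0;
}

/* Caller passing the address of a stack variable. Ownership exists only
   on the success path. Returns the copied length, or -1 on failure. */
long copy_length(const char *src)
{
    char *p;
    if (dup_into(&p, src) != 0)
        return -1;              /* nothing owned here, nothing to free */
    long n = (long)strlen(p);
    free(p);                    /* without this, p leaks when it goes out of scope */
    return n;
}

int main(void)
{
    printf("%ld %ld\n", copy_length("cfe-dev"), copy_length(NULL));
    return 0;
}
```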